KDC_ERR_PREAUTH_REQUIRED,
KDC_ERR_C_PRINCIPAL_UNKNOWN,
KDC_ERR_S_PRINCIPAL_UNKNOWN,
+ KDC_ERR_TKT_EXPIRED,
KDC_ERR_TGT_REVOKED,
KRB_ERR_TKT_NYV,
KDC_ERR_WRONG_REALM,
self._fast(tgt, creds, expected_error=KDC_ERR_GENERIC,
expect_edata=self.expect_padata_outer)
+ # Test with a TGT that has the lifetime of a kpasswd ticket (two minutes).
+ def test_tgs_kpasswd(self):
+ creds = self._get_creds()
+ tgt = self.modify_lifetime(self._get_tgt(creds), lifetime=2 * 60)
+ self._run_tgs(tgt, creds, expected_error=KDC_ERR_TKT_EXPIRED)
+
+ def test_renew_kpasswd(self):
+ creds = self._get_creds()
+ tgt = self._get_tgt(creds, renewable=True)
+ tgt = self.modify_lifetime(tgt, lifetime=2 * 60)
+ self._renew_tgt(tgt, creds, expected_error=KDC_ERR_TKT_EXPIRED)
+
+ def test_validate_kpasswd(self):
+ creds = self._get_creds()
+ tgt = self._get_tgt(creds, invalid=True)
+ tgt = self.modify_lifetime(tgt, lifetime=2 * 60)
+ self._validate_tgt(tgt, creds, expected_error=KDC_ERR_TKT_EXPIRED)
+
+ def test_s4u2self_kpasswd(self):
+ creds = self._get_creds()
+ tgt = self.modify_lifetime(self._get_tgt(creds), lifetime=2 * 60)
+ self._s4u2self(tgt, creds, expected_error=KDC_ERR_TKT_EXPIRED)
+
+ def test_user2user_kpasswd(self):
+ creds = self._get_creds()
+ tgt = self.modify_lifetime(self._get_tgt(creds), lifetime=2 * 60)
+ self._user2user(tgt, creds, expected_error=KDC_ERR_TKT_EXPIRED)
+
+ def test_fast_kpasswd(self):
+ creds = self._get_creds()
+ tgt = self.modify_lifetime(self._get_tgt(creds), lifetime=2 * 60)
+ self._fast(tgt, creds, expected_error=KDC_ERR_TKT_EXPIRED)
+
# Test user-to-user with incorrect service principal names.
def test_user2user_matching_sname_host(self):
creds = self._get_creds()
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_ldap_service_ticket\(ad_dc\)
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_get_ticket_for_host_service_of_machine_account\(ad_dc\)
#
+# KDC TGS tests
+#
+^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_fast_kpasswd.ad_dc
+^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_renew_kpasswd.ad_dc
+^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_kpasswd.ad_dc
+^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_kpasswd.ad_dc
+^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_user2user_kpasswd.ad_dc
+^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_validate_kpasswd.ad_dc
+#
# KDC TGS PAC tests
#
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_no_pac_service_no_auth_data_required\(ad_dc\)